On Thu, 6 Sep 2001, Greg KH wrote:
> If not, the overhead of having another void * indirection, and a search
> on a list of 1 member (another indirection), would not be nice for those
> people concerned with speed issues.
Actually, would it really require this overhead? You can embed the
common header at the beginning of your module's private security
blob structure, and if you only have one module, then you'll match
on the first comparison with the module id, so there won't be any
list searching. The header would be:
struct security_obj_header {
unsigned int id;
struct list_head s_list;
};
The module would define its own structure, e.g.
struct my_module_security_obj {
struct security_obj_header header;
my_module_private_state;
};
and use this structure for its objects.
On a hook call, the module would check the id in the first header
referenced by obj->security, and if it matched, it would just cast
the obj to my_module_security_obj and use it. No extra dereferencing
and no list searches.
--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 13:52:29 PDT